1000 Hackers In A Box: Failings Of Security Scanners presented at Blackhat USA 1999

by Greg Hoglund (Tripwire Security Systems)

Tags: Security

Summary: Last year saw the boom of commercial "security scanners", the very same technology that Dan Farmer was fired for writing over 5 years ago. If you believe the propaganda, these scanners will seem to take you to "security nirvana". However, scanners not only fail to enforce security policy, they encourage bad policy. The applications themselves are full of shortcomings, from false positives to blatant oversights. The market is driven by coverage, resulting in inaccurate tests based on flawed assumptions. If you scan and repair your network with such a scanner, you are no more secure than when you started.